package com.zhiyi.app.filter;

import com.zhiyi.app.entity.User;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 自定义一个拦截器，验证用户权限，判断用户权限是否正常
 * 如果正常，放请求过去，不正常的话，让请求无效
 */
public class CheckUserResourceFilter implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object o) throws Exception {
//        request是请求，在请求中包含请求的地址
        String url=request.getRequestURI();
//        request还能获取session
        User u= (User) request.getSession().getAttribute("user");
//        判断用户是否拥有权限
        if (u.getResouces().contains(url)){
            return true;
        }

        return false;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

    }
}
